Training Session - Reverse Engineering

Reverse Engineering Crash Course

Overview

Do you want to start with reverse engineering or malware analysis, and learn it
from the ground up? Do you want to know how to examine closed source software
to find bugs, or maybe even exploit it? Or do you just want to understand the
low-level concepts, and dig deeper to learn how your source code is translated
into the binary and then executed by the processor? Then this course is for
you.

This course starts with a quick introduction to assembly language from the
basics. You will learn the low-level concepts and levels of abstraction in a
computer, and then move on to reverse engineering on the x86_32 architecture.
You will see how a binary is compiled from source code, and what is hidden
inside. You will use your newly gained skills to start reverse engineering
real-world malware samples.

The training will cover the malware basics and frequently used malicious
techniques, and will teach you how to use tools to analyze them. As a bonus, a
gentle introduction to exploits and shellcode will be provided.

During the course, we will first grasp the assembly language, and then quickly
move into reverse engineering fundamentals. We will work with practical
hands-on labs and examples of real-world malware samples.

While the explanation of assembly and reverse engineering will be platform
independent, the malicious samples we will examine will be specific to the
Windows platform, on which we will work during the labs.

Who Should Take This Course

The training is suitable for anyone working in the computer security field who has little to no prior experience in assembly language, reverse engineering, malware analysis and exploitation. The target audience includes future malware analysts, malware researchers, system administrators, security officers, penetration testers, incident responders, software developers and anyone who wants to learn more about computer security or about computers in depth.

Prerequisites

Students should have knowledge of basic programming concepts, and should be familiar with at least one of the following programming languages: C, C++, Python, Pascal or assembly.

Hardware & Software Requirements

A computer with a virtual machine (for example, VMware or VirtualBox). The virtual machine must have Windows 7 or higher installed with administrator privileges, at least 20 GB of free space and 2 GB of RAM.
A licensed copy of IDA Pro is recommended, but IDA Freeware will be enough for the purposes of this training.

Bio

Filip Kafka
Malware Researcher, ESET

Filip Kafka is a malware researcher at ESET's Malware Analysis Laboratory. His main responsibilities include detailed malware analyses and training new reverse engineers in the ESET Virus Lab, but his professional interests, as well as his latest research, focus on APTs. He is a regular speaker at security conferences including the Virus Bulletin conference, the AVAR conference, the CARO Workshop and the NorthSec conference. He has also spoken at various events for local universities aimed at raising awareness about malware and computer security. His teaching experience includes running reverse engineering and malware research workshops in London, Brno or Bratislava, and regularly teaching a reverse engineering course at the Slovak University of Technology and the Comenius University.